On Sun, Aug 14, 2005 at 06:05:44PM +0100, Tristan Wibberley wrote:
> Surely when running su and sudo, the console input is protected from
> keylogging?
No. Consider that if your user account is compromised, you can't even be
sure that you are running su or sudo, and not a trojan.
> Otherwise there is little point to requiring proof that a user running
> sudo synaptic is the real user. That is the point of sudo, I can do my
> normal web browsing on my normal account and trust that an attacker can't
> screw the system (bugs in the kernel or setuid programs excepted), if this
> is not true administration shouldn't be available (or at least not
> recommended) through sudo, you should log out and log into an
> administration account that just has administration functions.
It is a tradeoff; if you prefer to administer your system this way, simply
set a root password and remove yourself from the admins group.
> Which makes me think of something else. The password caching of sudo is
> supposed to be safe because the user that typed the password is expected
> to still be nearby, which only helps when somebody is running sudo from
> the console - if the attacker is running programs over the network a
> cached password lets an attacker do stuff without anybody being able to
> tell and without anything to stop it.
That's why sudo (as configured by default in Ubuntu) only allows the cached
ticket to be used on the same terminal.
> > , combined with a screenscrape to always be able
> > to see *exactly* what you're doing, they can insert in whatever they
> > like ... basically, if someone has your account, you're totally
> > screwed, and there's no way to prevent that. They have effectively just
> > become you.
>> I think that is a big bug. When I type my password at the console for
> sudo or su or gksu, it proves it is me at the keyboard, so input on that
> keyboard can be trusted for a while. That is very different from the
> attacker being me. So they are not the same, and logically something
> *could* be done about it.
See above.
--
- mdz